works

a8f2fd76 · Orosz Bence · 06dfb3bd · a8f2fd76 · a8f2fd76 · a8f2fd76
Commit a8f2fd76 authored Oct 24, 2021 by Orosz Bence
--- a/.gitignore
+++ b/.gitignore
+.venv
+.idea
+tmp/*
\ No newline at end of file
--- a/ansible.cfg
+++ b/ansible.cfg
+[defaults]
+inventory = inventory.yml
+timeout = 30
+host_key_checking = False
\ No newline at end of file
--- a/bootstrap.sh
+++ b/bootstrap.sh
+#!/usr/bin/env bash
+########################### Folder setup ####################################
+[[ ! -d ./tasks ]] && mkdir tasks
+[[ ! -d ./vars ]] && mkdir vars
+#Password Vault file
+if [ ! -f vars/password-vault.yml ]; then
+cat << EOF > vars/password-vault.yml
+---
+sudopass: #TODO replace it
+EOF
+    echo "vars/password-vault.yml has created. Please fill the decrypt password."
+    ansible-vault encrypt vars/password-vault.yml
+    echo "vars/password-vault.yml has created. Please fill the missing arguments."
+else
+    echo "vars/password-vault.yml already exists!"
+fi
+########################### Virtualenv setup ####################################
+# create virtualenv if not present
+[[ ! -d .venv ]] && python3 -m venv .venv
+source .venv/bin/activate
+pip3 install wheel
+pip3 install ansible
+pip3 install docker
+pip3 install docker-py 
+########################### Ansible setup ####################################
+ansible-galaxy install -r requirements.galaxy.yml --force
+########################### Help ####################################
+echo
+echo "########################################"
+echo
+echo "Your playbooks:"
+find . -maxdepth 1 -type f -name "*.yml" | grep -v inventory
+echo
+echo "Recommendation: Set up your OpenSSH config based on inventory.yml"
+echo
+echo "You can run playbook with:"
+printf "\tansible-playbook -i inventory.yml your-playbook.yml --ask-vault-pass"
+echo
--- a/inventory.yml
+++ b/inventory.yml
+---
+richardvm:
+  hosts:
+    richardvm.sch.bme.hu:
+      ansible_host: 152.66.211.105 
+      mac_vlan211: 00:50:56:10:3d:21 
+      ip_vlan211: 152.66.211.105/24
+      ansible_become_pass: "{{ sudopass }}"
+      ansible_ssh_user: richard
+      ansible_become: yes
+all:
+  children:
+    richardvm: {}
--- a/main.yml
+++ b/main.yml
+---
+- name: basic stuffs
+  hosts: all
+  gather_facts: no
+  tags: basic
+  vars_files:
+    - vars/password-vault.yml
+  tasks:
+    - name: create richard user
+      import_tasks: tasks/create-richard-user.yaml
+- name: basic stuffs
+  hosts: all
+  gather_facts: yes
+  tags: basic
+  vars_files:
+    - vars/password-vault.yml
+  vars:
+    network_configs:
+      - 40-vlan211-static
+  tasks:
+    - name: apt install basic packages
+      become: true
+      apt:
+        name: "{{ item }}"
+        state: present
+        update_cache: "yes"
+      with_items:
+        - open-vm-tools
+      tags: basic
+    - name: set up banner
+      import_tasks: tasks/banner.yaml
+    - name: "set up networks"
+      import_tasks: tasks/network.yaml
+    - name: "set up petalinux"
+      import_tasks: tasks/petalinux.yaml
--- a/requirements.galaxy.yml
+++ b/requirements.galaxy.yml
+---
+# items from https://galaxy.ansible.com/home
+collections:
+  - ansible.posix
+  - community.docker
+roles:
+  - geerlingguy.docker
+  - src: git@git.sch.bme.hu:NETAdmin/ansibleroles/neteamvm.git
+    scm: git
+    #ref: 2.0.0
+    name: neteam.vm
--- a/run.sh
+++ b/run.sh
+#!/bin/bash
+source .venv/bin/activate
+ansible-playbook main.yml --ask-vault-pass
--- a/tasks/banner.yaml
+++ b/tasks/banner.yaml
+---
+- name: Install figlet for creating motd
+  package:
+    state: present
+    name:
+      - figlet
+- name: Generate motd ascii from text
+  command: figlet {{ motd_text | default(ansible_hostname.split('.')[0]) }}
+  register: motd_ascii_art
+  changed_when: false
+- name: Install update-motd
+  apt:
+    name: update-motd
+    state: present
+- name: Remove parts of factory banner
+  become: true
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/update-motd.d/10-help-text
+    - /etc/update-motd.d/50-motd-news
+- name: Place motd file.
+  template:
+    src: etc/update-motd.d/motd.sh.j2
+    dest: /etc/update-motd.d/40-custom-banner
+    mode: 0755
+- name: Update motd
+  command: update-motd
+  changed_when: false
--- a/tasks/create-richard-user.yaml
+++ b/tasks/create-richard-user.yaml
+---
+- name: Try connecting as richard
+  ping: {}
+  changed_when: False
+  register: ans
+  ignore_errors: yes
+  ignore_unreachable: yes
+- name: Connect as ubuntu user
+  when: '"unreachable" in ans and ans.unreachable'
+  set_fact:
+    ansible_ssh_user: ubuntu
+  changed_when: False
+  delegate_to: localhost
+- block:
+    - name: Create richard user
+      user:
+        name: richard
+        append: yes
+        shell: /bin/bash
+        groups:
+          - sudo
+        password: "{{ sudopass | password_hash('sha512') }}"
+    - name: Create .ssh folder
+      file:
+        state: directory
+        path: /home/richard/.ssh
+        owner: richard
+        group: richard
+        mode: "700"
+    - name: Add currently approved keys to richard
+      copy:
+        src: "/home/ubuntu/.ssh/authorized_keys"
+        dest: /home/richard/.ssh/authorized_keys
+        remote_src: yes
+        owner: richard
+        group: richard
+        mode: "600"
+    - name: Change back to richard user
+      set_fact:
+        ansible_ssh_user: richard
+    - name: Kill remaining procecces of ubuntu user
+      command: killall -u ubuntu
+      register: ubuntu_is_kil
+      failed_when: ubuntu_is_kil.stdout.strip() != ""
+    - name: Remove ubuntu user
+      user:
+        name: ubuntu
+        state: absent
+    - name: Remove unconditional sudo for ubuntu user
+      file:
+        path: /etc/sudoers.d/90-cloud-init-users
+        state: absent
+    - name: Add trusted ssh keys
+      authorized_key:
+        key: "https://git.sch.bme.hu/{{ item }}.keys"
+        user: richard
+        state: present
+      with_items:
+        - szabo_richard
+        - woranhun
+    - name: Gather facts
+      gather_facts:
+        parallel: yes
+  when: '"unreachable" in ans and ans.unreachable'
--- a/tasks/network.yaml
+++ b/tasks/network.yaml
+---
+- name: Remove parts of factory netplan
+  become: true
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/netplan/50-cloud-init.yaml
+- name: Configure netplan
+  become: true
+  template:
+    src: etc/netplan/{{ item }}.yml.j2
+    dest: /etc/netplan/{{ item }}.yaml
+  with_items: "{{ network_configs }}"
+- name: run netplan apply
+  become: true
+  command: netplan apply
+  changed_when: false
--- a/tasks/petalinux.yaml
+++ b/tasks/petalinux.yaml
+---
+- name: make sh bash symlink
+  become: true
+  ansible.builtin.shell: ln -sf /bin/bash /bin/sh
+- name: copy plnx-env-setup
+  become: true
+  template:
+    src: plnx-env-setup.sh
+    dest: /root/plnx-env-setup.sh
+    mode: 0755
+- name: run /root/plnx-env-setup.sh
+  become: true
+  ansible.builtin.shell: /root/plnx-env-setup.sh > /root/plnx-env-setup.output
+- name: apt install required packages
+  become: true
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: "yes"
+    cache_valid_time: 9600
+  with_items:
+    - iproute2
+    - gcc
+    - g++
+    - net-tools
+    - libncurses5-dev
+    - zlib1g:i386
+    - libssl-dev
+    - flex
+    - bison
+    - libselinux1
+    - xterm
+    - autoconf
+    - libtool
+    - texinfo
+    - zlib1g-dev
+    - gcc-multilib
+    - build-essential
+    - screen
+    - pax
+    - gawk
+    - python3
+    - python3-pexpect
+    - python3-pip
+    - python3-git
+    - python3-jinja2
+    - xz-utils
+    - debianutils
+    - iputils-ping
+    - libegl1-mesa
+    - libsdl1.2-dev
+    - pylint3
+    - cpio
+    - python
+    - git
+    - make
+    - gnupg
+    - wget
+    - git-core
+    - diffstat
+    - chrpath
+    - socat
+    - tar
+    - unzip
+    - automake
+    - gzip
+- name: create /tools folder
+  become: true
+  file:
+    path: /tools
+    state: directory
+    mode: 0755
+- name: create /tools/Xilinx folder
+  become: true
+  file:
+    path: /tools/Xilinx
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+- name: create /tools/Xilinx/PetaLinux folder
+  become: true
+  file:
+    path: /tools/Xilinx/PetaLinux
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+- name: create /tools/Xilinx/PetaLinux/2021.1 folder
+  become: true
+  file:
+    path: /tools/Xilinx/PetaLinux/2021.1
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+- name: copy installer
+  copy:
+    src: ../tmp/petalinux-v2021.1-final-installer.run
+    dest: /home/richard/petalinux-v2021.1-final-installer.run
+# - name: run installer
+#   ansible.builtin.shell: /home/richard/petalinux-v2021.1-final-installer.run -d /tools/Xilinx/PetaLinux/2021.1
+- name: "Check if .bashrc add settings is set"
+  shell: grep -c "^source /tools/Xilinx/PetaLinux/2021.1/settings.sh" /home/richard/.bashrc || true
+  register: bashrcok
+  changed_when: false
+- name: ".bashrc add settings"
+  lineinfile:
+    dest: /home/richard/.bashrc
+    line: "source /tools/Xilinx/PetaLinux/2021.1/settings.sh"
+  when: bashrcok.stdout == "0"
+- name: create /Xilinx folder
+  become: true
+  file:
+    path: /Xilinx
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+- name: create /Xilinx/PetaLinux/ folder
+  become: true
+  file:
+    path: /Xilinx/PetaLinux/
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
--- a/templates/etc/netplan/40-vlan211-static.yml.j2
+++ b/templates/etc/netplan/40-vlan211-static.yml.j2
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    ens160:
+      dhcp4: no
+      addresses: [{{ ip_vlan211 }}]
+      routes:
+      - to: 0.0.0.0/0
+        via: 152.66.211.254
+        metric: 200
+      match:
+        macaddress: {{ mac_vlan211 }}
+      set-name: ens160
+      nameservers:
+        addresses: [152.66.208.1, 1.1.1.1]
+        search: [sch.bme.hu]
--- a/templates/etc/update-motd.d/motd.sh.j2
+++ b/templates/etc/update-motd.d/motd.sh.j2
+#!/bin/sh
+# !!!
+# {{ ansible_managed }}
+# !!!
+# source: http://patorjk.com/software/taag/#p=display&f=Standard&t=KSZK%20server
+cat <<EOF
+{% for line in  motd_ascii_art.stdout.split('\n') %}
+{{ line | replace("`","\\`") }}
+{% endfor %}
+EOF
+echo "! ! !"
+echo "! Deployed with Ansible on {{ template_run_date.strftime('%Y-%m-%d %H:%M') }}."
+echo "! ! !"
--- a/templates/plnx-env-setup.sh
+++ b/templates/plnx-env-setup.sh
+#!/bin/bash
+#PetaLinux environment setup script
+#original version by Tony McDowell (tmcdowe@xilinx.com)
+#updated version by Sandeep Gundlupet Raju (sandeep.gundlupet-raju@xilinx.com)
+# Enable debug=1 mode -- this disables actual changes on the host machine using dry-run options.
+# Disable debbug=0 to proceed with installation
+debug=0;
+#get OS pretty name
+osPrettyName=`cat /etc/os-release | grep PRETTY_NAME | sed 's/.*="\(.*\)"/\1/'`;
+centosVersion=`cat /etc/centos-release | sed 's/[^0-9.]*\([0-9.]*\).*/\1/'`;
+osKernelVer=`uname -r`
+echo "***************************************************************";
+echo "PetaLinux Environment Setup Tool";
+echo "Running on $osPrettyName ($osKernelVer)";
+echo "***************************************************************";
+#print the debug message header
+if [ $debug -eq 1 ]; then echo "***DEBUG MODE ON!***"; fi; 
+echo " "
+echo -n "NOTE: Check for superuser..."
+#get the actual user
+if [ $SUDO_USER ]; then actualUser=$SUDO_USER; else actualUser=`whoami`; fi
+#get the effective user
+currentUser=`whoami`
+if [ $currentUser != "root" ]; then echo "FAILED! \r\n Please re-run this script as sudo"; exit 1; else echo "SUCCESS! (from "$actualUser")"; fi;
+#determine the host OS from the pretty_name
+if [[ $(echo $osPrettyName | grep buntu) ]]; then
+	hostOS="ubuntu";
+	#echo "Running on Ubuntu";
+elif [[ $(echo $osPrettyName | grep CentOS) ]]; then
+	hostOS="centos";
+	echo "Running on CentOS version $centosVersion";
+elif [[ $(echo $osPrettyName | grep "Red Hat") ]]; then
+	hostOS="rhel";
+	#echo "Running on Red Hat";
+else
+	echo "ERROR: Cannot determine host operating system!"
+	echo "This script is only supported on Ubuntu, CentOS, and RHEL Linux distribution!"
+	exit 1;	
+fi;
+## declare the package lists
+debPackages=(iproute2 gawk python3 python build-essential gcc git make net-tools libncurses5-dev tftpd zlib1g-dev libssl-dev flex bison libselinux1 gnupg wget git-core diffstat chrpath socat xterm autoconf libtool tar unzip texinfo zlib1g-dev gcc-multilib automake zlib1g:i386 screen pax gzip cpio python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3);
+rhelPackages=(net-tools gawk make wget tar bzip2 gzip python3 unzip perl patch diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath socat perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip python3-GitPython python3-jinja2 python3-pexpect xz which SDL-devel xterm autoconf libtool.x86_64 zlib-devel automake glib2-devel zlib ncurses-devel openssl-devel dos2unix flex bison glibc.i686 glibc.x86_64 screen pax glibc-devel.i686 compat-libstdc++-33.i686 libstdc++.i686 libstdc++.x86_64);
+if [ $hostOS == "ubuntu" ]; then
+	packageList=(${debPackages[@]});
+elif [ $hostOS == "rhel" ]; then
+	packageList=(${rhelPackages[@]});
+elif [ $hostOS == "centos" ]; then
+	packageList=(${rhelPackages[@]});
+fi;
+#update shell on UBUNTU only
+#place this portion near the start of the script so that it runs before sudo expires if package installation takes a long time
+if [ $hostOS == "ubuntu" ]; then
+	echo -n "NOTE: Checking for DASH shell as default (Ubuntu only)...";
+	if echo `echo $0` | grep 'dash'; then
+		echo "FOUND!";
+		echo -n "NOTE: Changing default shell to from DASH to BASH...";
+		export DEBIAN_FRONTEND=noninteractive;
+		export DEBCONF_NONINTERACTIVE_SEEN=true;
+		echo "dash dash/sh boolean false" | debconf-set-selections;
+		dpkg-reconfigure dash;
+		unset DEBIAN_FRONTEND;
+		unset DEBCONF_NONINTERACTIVE_SEEN;
+		echo "DONE!";
+		echo "INFO: You must log out of this shell and back in for change to take effect";
+	else
+		echo "NOT FOUND!";
+	fi;
+fi;
+#start building the package installation command line
+if [ $hostOS == "ubuntu" ]; then
+	packageCommand="apt";
+elif [ $hostOS == "rhel" ]; then
+	packageCommand="yum";
+elif [ $hostOS == "centos" ]; then
+	packageCommand="yum";	
+fi;
+#DEBIAN/UBUNTU ONLY -- check if dpkg repo is set up for 32-bit packages
+if [ $hostOS == "ubuntu" ]; then
+	echo -n "NOTE: Check for x86 package access..."
+	foreignArchitecture=`dpkg --print-foreign-architectures | grep i386`;
+	if [ $foreignArchitecture == "i386" ]; then 
+		echo "FOUND!"; 
+	else 
+		echo "NOT FOUND! Now adding i386 foreign archiecture to dpkg";
+		sudo dpkg --add-architexture i386; 
+	fi;
+fi;
+#make sure the package lists are up-to-date
+echo "NOTE: Updating the package lists...";
+if [ $hostOS == "ubuntu" ]; then
+	sudo $packageCommand update;
+elif [ $hostOS == "rhel" ]; then
+	sudo $packageCommand makecache;
+elif [ $hostOS == "centos" ]; then
+	sudo $packageCommand makecache;
+fi;
+#install the packages
+for package in "${packageList[@]}"; do
+	echo "######";
+	echo "NOTE: Processing package: "$package;
+	echo -n "NOTE: Checking to see if package is already installed..."
+	installPackage=0;
+	if [ $hostOS == "ubuntu" ]; then
+		if [[ $($packageCommand -qq list $package | grep installed) ]]; then
+			echo "INSTALLED! Skipping."
+		else
+			echo "NOT INSTALLED!";
+			echo "Starting installation of package $package";
+			packageInstallCommand="$packageCommand install";
+			if [ $debug -eq 1 ]; then 
+				packageInstallCommand+=" --dry-run";
+			else
+				packageInstallCommand+=" -y";
+			fi;
+			sudo $packageInstallCommand $package;
+		fi;
+	elif [ $hostOS == "rhel" ] || [ $hostOS == "centos" ]; then
+		if [[ $($packageCommand list installed | grep $package) ]]; then
+			echo "INSTALLED! Skipping."
+		else
+			echo "NOT INSTALLED!";
+			echo "Starting installation of package $package";
+			packageInstallCommand="$packageCommand install";
+			if [ $debug -eq 1 ]; then 
+				packageInstallCommand+=" --assumeno";
+			else
+				packageInstallCommand+=" -y";
+			fi;
+			sudo $packageInstallCommand $package;
+		fi;
+	fi;	
+	echo "Package installation complete for package $package";
+	echo -e "######\n";
+done;
+# For CentOS/RHEL version 7 install GitPython jinja2 using pip3 commands
+if [ $hostOS == "rhel" ] || [ $hostOS == "centos" ] && [ $debug -eq 0 ]; then
+	echo "NOTE: Installing GitPython jinja2 using pip3 commands";
+	pip3 install GitPython jinja2;
+fi;
+echo "INFO: Environment setup complete!";
--- a/vars/AD.yml
+++ b/vars/AD.yml
+---
+Domain: wifi.test
+ADJoinusername: nocSA
+ADJoinpassword: "{{ ADJoinpw }}"
+ADLoginGroup: NOCUsers
+ADNocSudo: NOCSudo
\ No newline at end of file
--- a/vars/noc.yml
+++ b/vars/noc.yml
+---
+noc-a:
+  - vlans:
+      - 69:10.69.69.1
+ssh:
+  allowedIPv4Range: "152.66.0.0/16"
+  allowedIPv6Range: "2001:738:2001::/48"
+  ansibleRunnerIP: "10.151.0.34/16"
+  port: 22
+iptablesDEBUG: false
+#TODO ezt dinamikussá reszelni
+ntp_server_ip: 10.151.0.53
\ No newline at end of file
--- a/vars/password-vault.yml
+++ b/vars/password-vault.yml
+$ANSIBLE_VAULT;1.1;AES256
+65343565393737313237366630306635646433656339383037616337613265633339323831393362
+3634306137666661623235373361656534333061663038350a653139653939636235383932636634
+37386366633233666139646532376634616538623663393664613539326564393065643538623834
+3463633161643061320a373136323637326564356435643363386666653934656466666431616431
+31333834363938613639396237323639393436323432303233383137636435373137